DRAG DROP Match the Cyber-Attack Lifecycle stage to its correct description. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/Palo_Alto_Networks_PCNSA/page_7_img_1.jpg

Question 9 - Palo Alto Networks PCNSA Real Exam Questions [Jan 2026 Update]

Q: 9

DRAG DROP Match the Cyber-Attack Lifecycle stage to its correct description.

Drag & Drop

Enable JavaScript to use the Drag & Drop feature.

stage where the attacker has motivation for attacking a network to deface web property
stage where the attacker scans for network vulnerabilities and services that can be exploited
stage where the attacker will explore methods such as a root kit to establish persistence
stage where the attacker has access to a specific server so they can communicate and pass data to and from infected devices within a network

Correct Answer:

Answer Area Reconnaissance: B. stage where the attacker scans for network vulnerabilities and services that can be exploited Installation: C. stage where the attacker will explore methods such as a root kit to establish persistence Command and Control: D. stage where the attacker has access to a specific server so they can communicate and pass data to and from infected devices within a network Act on the Objective: A. stage where the attacker has motivation for attacking a network to deface web property

Explanation

This question maps the descriptions to the corresponding stages of a typical cyber-attack lifecycle, often modeled after the Cyber Kill Chain®.

Reconnaissance is the initial phase where attackers perform research and gather information, such as scanning for open ports, services, and vulnerabilities to plan their attack.
Installation follows initial exploitation, where the attacker establishes a persistent foothold on the victim's system. Installing a rootkit is a common technique to maintain access and hide malicious activities.
Command and Control (C2) is the stage where the compromised system communicates with the attacker's infrastructure, allowing the attacker to issue commands and control the asset remotely.
Act on the Objective is the final stage where the attacker achieves their ultimate goal, such as data exfiltration, system disruption, or, in this case, defacing a web property.

References

Hutchins, E. M., Cloppert, M. J., & Amin, R. M. (2011). Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains. Lockheed Martin Corporation. In this foundational paper, the authors define the stages:

Reconnaissance (p. 4): "Research, identification and selection of targets..."

Installation (p. 6): "Installation of a persistent backdoor or implant in the victim environment..."

Command & Control (C2) (p. 6): "...adversaries establish a command channel to remotely manipulate the victim."

Actions on Objectives (p. 6): "...adversaries take actions to achieve their original goals," which could include website defacement.

Palo Alto Networks. What Is the Cyberattack Lifecycle? Palo Alto Networks Vendor Documentation. This resource outlines a similar model:

The "Installation" phase is described as the point where the attacker "establishes a backdoor" to maintain persistence.

The "Command and Control (C2)" phase is defined by the attacker gaining "hands-on keyboard access" and initiating communications between the infected device and their C2 server.

Rowe, N. C. (2014). A kill-chain model for cyber-attacks on C4I systems. Proceedings of the 9th International Conference on Cyber Warfare and Security, ICCWS 2014, p. 223. This academic paper discusses the kill-chain model, aligning with the descriptions provided. It notes that Reconnaissance involves "identifying vulnerabilities," Installation ensures "persistence," C2 enables "remote control," and Actions on Objectives is the "culmination" where the adversary's goals are met. DOI: 10.13140/2.1.3411.0086.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE